Risk management Definitions
-
C
Center for Internet Security (CIS)
The Center for Internet Security (CIS) is a nonprofit organization focused on improving public- and private-sector cybersecurity readiness and response.
-
Certified Information Systems Risk and Compliance Professional (CISRCP)
A Certified Information Systems Risk and Compliance Professional (CISRCP) is a person in the information technology (IT) field who has passed an examination on risk and compliance topics developed by the International Association of Risk and Compliance Professionals (IARCP).
-
chief risk officer (CRO)
The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.
-
cloud computing security
Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and to protect the information, data, applications and infrastructure associated with cloud computing use.
-
compliance audit
A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.
-
Computer Fraud and Abuse Act (CFAA)
The Computer Fraud and Abuse Act (CFAA) of 1986 is United States legislation that made it a federal crime to access a protected computer without proper authorization.
-
COMSEC (communications security)
Communications security (COMSEC) is the prevention of unauthorized access to telecommunications traffic, or to any information that is transmitted or transferred.
-
D
data governance policy
A data governance policy is an organization’s set of information management processes that are designed to assist business administration and protect company assets.
-
E
enterprise security governance
Enterprise security governance is a company's strategy to reduce risk by protecting systems and information, as well as its execution of that strategy.
-
I
inherent risk
Inherent risk is a category of threat that describes potential losses or pitfalls that exist before internal security controls or mitigating factors are implemented.
-
internal audit (IA)
An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine how well it conforms to a set of specific criteria.
-
N
National Information Assurance Partnership (NIAP)
The National Information Assurance Partnership (NIAP) is a U.S. government program designed to meet the security testing needs of information technology consumers and developers. The
-
NERC CIP (critical infrastructure protection)
The NERC CIP (critical infrastructure protection) plan is a set of requirements designed to secure assets vital to reliably operating North America's bulk electric system.
-
O
Occupational Safety and Health Administration (OSHA)
The Occupational Safety and Health Administration (OSHA) is a federal organization (part of the Department of Labor) that ensures safe and healthy working conditions for Americans by enforcing standards and providing workplace safety training.
-
online risk
Online risk is the vulnerability of an organization's internal resources that arises from the organization using the Internet to conduct business.